Technologies that guarantee privacy protection while keeping data practically useful for medical research are essential for the viability of both medical research and doctor-patient confidentiality. Patient-specific, population-based clinical and/or genomic databases are emerging in many areas of medical research. These databases simultaneously offer tremendous scientific potential and catastrophic privacy risks. Developers have integrated privacy shields in today's databases, but these are naTve and ad hoc first attempts with no provable and little (or no) real-world privacy protection. We envision databases in which it can be scientifically shown that: (1) no person whose information is contained in the database can be reidentified; (2) researchers can access necessary information easily; and, (3) experimental results are equivalent to results found in the absence of privacy protection. Our specific research aims are: [unreadable] [unreadable] Aim 1. To provide a protocol that thwarts a common re-identification vulnerability. [unreadable] Encrypted pseudonyms as a privacy guard are prevalent in many of today's databases, but we will show that the believed protection is often a fallacy. We then build on our prior experience with cryptographic protocols to develop methods that insulate against the vulnerability we reveal. [unreadable] Aim 2. To provide tools that reduce IRB burdens. Human review of protocols (by IRBs) are the most used privacy safeguard in medical research. We will reduce IRB burdens by creating a tool for automatically identifying optimal data subsets for pre-approval. This builds on our prior experience with automated privacy risk assessments and on data mining algorithms. [unreadable] Aim 3. To create a new research paradigm in which software agents (not humans) access sensitive data. Rather than sharing data, we will construct a system in which software agents (working on behalf of human researchers) perform computations on secluded data and report verifiable results back to researchers. Results are shared, not specific patient values. This approach builds on prior work in database security on query restriction and inference control. [unreadable] [unreadable] These research activities are conducted in a computer science lab and an informatics group to ensure [unreadable] generalizable, yet practical solutions. Construction of new technologies with their accompanying proofs of privacy and utility will be done at Carnegie Mellon using publicly and semi-publicly available data, so results can be publicly verified. Researchers at Vanderbilt will implement these new technologies within their own systems, thereby verifying practical results on sensitive patient information. [unreadable] [unreadable]